IG1187 ODA Enterprise Risk Assessment v2.0.0

The purpose of this document is two fold:

  • To present a high-level assessment of the security and privacy risks that have to be considered when implementing elements of the TMF Open Digital Architecture (ODA) ecosystem.
  • To provide guidance and a place to start for the detailed risk assessment required to implement and deploy ODA components.

An enterprise risk assessment is an absolute necessity prior to implementation and deployment of any aspect of the ODA. The threat landscape and the regulatory environment such as the European General Data Protection Regulation (GDPR) do not allow treating risks for security and privacy as secondary requirements.

The assessment can positively affect the likelihood and consequences of risks materializing, as well as deliver benefits related to better informed design, implementation and operations decisions for the ODA.

Benefits accrued to enterprises following an enterprise risk management model include reduced cost of investment, more accurate business reporting, competitive advantage, improved perception of the organization, better marketplace presence and, in the case of digital business ecosystems, a healthy business community.

The primary audience for this document are ODA architects, designers and security experts.

The intention of this write-up is to provide a place to start when doing the detailed risk assessment and mitigation planning for a concrete implementation.

This document therefore does not remove the need for such detailed threat assessments. But it should deliver a list of considerations that should allow streamlining and shorten such efforts.

General Information

Document series: IG1187
Document version: 2.0.0
Status: TM Forum Approved
Document type: Exploratory Report
Team approved: 1-Oct-21
IPR mode: RAND
Published on: 4-Oct-21
TM Forum Approved: 19-Nov-21
Date modified: 22-Nov-21
ODF Technical: Security Governance